Postman

finally rooted!
I didn’t get Mt’s shell. Is there any other ways rs - M*t - root ?

@snowleaf said:

finally rooted!
I didn’t get Mt’s shell. Is there any other ways rs - M*t - root ?

The privesc opens the doors for shells, if nothing else you can do it with MSF.

I have read hint after hint and cannot seem to gain access to the initial shell using re***. If anyone can PM me that would be great!

Hello, i trying use exploit for postman(webmin) but when i have use exploit i have error "

[*] Started reverse TCP handler on 10.0.2.15:4444 
[-] Exploit aborted due to failure: unknown: Failed to retrieve session cookie
[*] Exploit completed, but no session was created.

i use kali on VM, what i do wrong? I tried to do it with the help of burpsuite, but despite the fact that there are a lot of solutions in the net with his help, something does not work for me: D, otherwise using the guide is pointless.

Hello.
I start the hacking…
The first step is w****n no ?

@Reverse87 said:

i use kali on VM, what i do wrong? I tried to do it with the help of burpsuite, but despite the fact that there are a lot of solutions in the net with his help, something does not work for me: D, otherwise using the guide is pointless.

Is this for the final step of privesc or initial foothold.

If its the initial foothold, you might want to show options and check you have everything you need for the exploit to work.

rooted this yesterday!! I feel like this is one of the easier machines that requires some manual work (which I prefer). Shoot me a msg if you end up getting stuck.

Type your comment> @TazWake said:

@Reverse87 said:

i use kali on VM, what i do wrong? I tried to do it with the help of burpsuite, but despite the fact that there are a lot of solutions in the net with his help, something does not work for me: D, otherwise using the guide is pointless.

Is this for the final step of privesc or initial foothold.

If its the initial foothold, you might want to show options and check you have everything you need for the exploit to work.

I added RHOSTS, SSL, LPORT, username and password the ones he wants to add, or the ones he logs in to webmin?

My step:

  • scan postman, i see the webmin version is vulnerable, I run msfconsole, fill in the data, run the exploit and nothing else, I get that it can’t create a session.

Type your comment> @Reverse87 said:

I added RHOSTS, SSL, LPORT, username and password the ones he wants to add, or the ones he logs in to webmin?

My step:

  • scan postman, i see the webmin version is vulnerable, I run msfconsole, fill in the data, run the exploit and nothing else, I get that it can’t create a session.

Do you have credentials which work on the vulnerable service?

Type your comment> @TazWake said:

Type your comment> @Reverse87 said:

I added RHOSTS, SSL, LPORT, username and password the ones he wants to add, or the ones he logs in to webmin?

My step:

  • scan postman, i see the webmin version is vulnerable, I run msfconsole, fill in the data, run the exploit and nothing else, I get that it can’t create a session.

Do you have credentials which work on the vulnerable service?

No :confused: i tried use burpsuite but not working :frowning: I find on github Dog9w23 exploit for webmin 1.910 but i don’t have sid. I checked in the browser cookie but there is no sid. Do I need to use a hole in webmin to get the data? The problem is that I can’t, I still get burpsuite to provide login details.

@Reverse87 said:

No :confused: i tried use burpsuite but not working :frowning: I find on github Dog9w23 exploit for webmin 1.910 but i don’t have sid. I checked in the browser cookie but there is no sid. Do I need to use a hole in webmin to get the data? The problem is that I can’t, I still get burpsuite to provide login details.

So, if you dont have credentials, attacking the vulnerable service is not the right thing to do. Move on from that port unless you get credentials.

There is another port you need to focus on, but MSF wont help you.

Type your comment> @TazWake said:

@Reverse87 said:

No :confused: i tried use burpsuite but not working :frowning: I find on github Dog9w23 exploit for webmin 1.910 but i don’t have sid. I checked in the browser cookie but there is no sid. Do I need to use a hole in webmin to get the data? The problem is that I can’t, I still get burpsuite to provide login details.

So, if you dont have credentials, attacking the vulnerable service is not the right thing to do. Move on from that port unless you get credentials.

There is another port you need to focus on, but MSF wont help you.

So for now, port 10000 drops out until I get authorization. If MSF doesn’t help me, the easy task becomes difficult: D On all the guides I saw that everyone used burpsuite for postman and nothing else. I can’t even find the correct SID for now; /

i tried use python exploit to enumerate, but i have error: "

    paramiko.common.MSG_SERVICE_ACCEPT]```

```Traceback (most recent call last):
  File "ssh.py", line 30, in <module>
    old_parse_service_accept = paramiko.auth_handler.AuthHandler._handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
TypeError: 'property' object has no attribute '__getitem__'

ssh.py is 45233.py

yes i think Wn is vulnerable but the exploit need credential ?
so we have to find good credentials for w
n

But i don’t understand w****n is a server manager , so if we have credentials you can control everithing no ?

How find username/password authorized to update w****n ?

check other services for credentials, its a long way round and was unfamiliar to me at least, but a little reading and trial and error proved worth it as i got creds that could be used to progress further… keep at it!

Type your comment> @Gizmet said:

check other services for credentials, its a long way round and was unfamiliar to me at least, but a little reading and trial and error proved worth it as i got creds that could be used to progress further… keep at it!

i will try but on me still not working sparta and ssh enumerator. Check my post

I did not use burpsuite at all, put it that way

Type your comment> @Gizmet said:

I did not use burpsuite at all, put it that way

I meant that I run the metasploit exploits and get some bugs that I pasted a few posts above: Postman - #876 by Reverse87 - Machines - Hack The Box :: Forums . I wanted to put the user enumerator on ssh I can’t because I have errors, I run sparta after a while you do crash. I have been sitting over the postman for 3 days and I can’t deal with it: /

@Reverse87 said:

So for now, port 10000 drops out until I get authorization. If MSF doesn’t help me, the easy task becomes difficult: D On all the guides I saw that everyone used burpsuite for postman and nothing else. I can’t even find the correct SID for now; /

Did you only find two ports?

What guides said to use burp and nothing else? This thread has dozens of posts with the right advice.

There is even a book (which you can probably find in PDF format online) which pretty much walks you through every step of the attack.

i tried use python exploit to enumerate, but i have error: "

You cant attack the webmin service without credentials. You need to find the credentials first.

Type your comment> @TazWake said:

@Reverse87 said:

So for now, port 10000 drops out until I get authorization. If MSF doesn’t help me, the easy task becomes difficult: D On all the guides I saw that everyone used burpsuite for postman and nothing else. I can’t even find the correct SID for now; /

Did you only find two ports?

What guides said to use burp and nothing else? This thread has dozens of posts with the right advice.

Postman - #37 by Warlord711 - Machines - Hack The Box :: Forums
Postman - #37 by Warlord711 - Machines - Hack The Box :: Forums
Postman - #89 by m3ll0 - Machines - Hack The Box :: Forums
Postman - #124 by MrPennybag - Machines - Hack The Box :: Forums
Postman - #151 by twypsy - Machines - Hack The Box :: Forums
Postman - #213 by kkaz - Machines - Hack The Box :: Forums
Postman - #247 by c1cada - Machines - Hack The Box :: Forums

There is even a book (which you can probably find in PDF format online) which pretty much walks you through every step of the attack.

i tried use python exploit to enumerate, but i have error: "

You cant attack the webmin service without credentials. You need to find the credentials first.

i find 3 ports 22, 80, 10000 :slight_smile:

@Reverse87 said:

i find 3 ports 22, 80, 10000 :slight_smile:

Scan again.